Practice Free FCSS_EFW_AD-7.4 Exam Online Questions
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed
Why didn’t the script make any changes to the managed device?
- A . Commands that start with the # sign are not executed.
- B . CLI scripts will add objects only if they are referenced by policies.
- C . Incomplete commands are ignored in CLI scripts.
- D . Static routes can only be added using TCL scripts.
Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?
- A . Disable add-route on hub
- B . Set protected network to all
- C . Enable AD-VPN in IPsec phase 1
- D . Configure IP addresses on IPsec virtual interfaces
Which layer of the FortiOS architecture does an application process or daemon run on?
- A . User space
- B . Configuration layer
- C . Kernel
- D . Hardware
Which statement about memory conserve mode is true?
- A . A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
- B . A FortiGate Starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.
- C . A FortiGate starts dropping new sessions when the configured memory use threshold reaches red
- D . A FortiGate enters conserve mode when the configured memory use threshold reaches red
Which two statements about application layer test commands are true? (Choose two.)
- A . They are used to filter real-time debugs.
- B . They display real-time application debugs.
- C . Some of them can be used to restart an application.
- D . Some of them display statistics and configuration information about a feature or process.
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
- A . FortiGate will exempt the connection based on the Web Content Filter configuration
- B . FortiGate will block the connection based on the URL Filter configuration.
- C . FortiGate will allow the connection based on the FortiGuard category based filter configuration.
- D . FortiGate will block the connection as an invalid URL.
View the exhibit, which contains the partial output of the web filtering cache, and then answer the question below.
Which category does www.elitehacking.com belong to?
- A . Information Technology
- B . Peer-to-peer File Sharing
- C . Other Adult Materials
- D . Business
Refer to the exhibit, which shows a session entry.
Which statement about this session is true?
- A . It is an ICMP session from 10.1.10.10 to 10.200.5. 1.
- B . It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.
- C . It is an ICMP session from 10.1.10.10 to 10.200.1.1.
- D . It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.
Which two configuration changes can be applied to optimize the memory usage on FortiGate? (Choose two.)
- A . Increase TCP session timers.
- B . Reduce the FortiGuard cache TTL.
- C . Use flow-based inspection.
- D . Increase the maximum file size for AV inspection.
- E . Decrease the sessions TTL.
Refer to the exhibit, which contains a partial routing table.
Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
- A . Source IP address 10.1.0.24, Destination IP address 10.72.3.20.
- B . Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
- C . Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
- D . Source IP address 10.73.9.10, Destination IP address 10.72.3.15.